| #
ec2bfb7d |
| 10-Dec-2020 |
Dr. David von Oheimb |
apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default
Fixes #13603
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.co
apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default
Fixes #13603
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
show more ...
|
| #
9e49aff2 |
| 09-Nov-2020 |
Nicola Tuveri |
Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.
For this
Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.
For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.
Partially fixes https://github.com/openssl/openssl/issues/8435
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
show more ...
|
| #
ed37336b |
| 09-Nov-2020 |
Nicola Tuveri |
[apps/pkey] Return error on failed `-[pub]check`
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
|
| #
1c47539a |
| 19-Oct-2020 |
Otto Hollmann |
Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https:
Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)
show more ...
|
| #
a86add03 |
| 07-Jan-2021 |
Matt Caswell |
Prepare for 3.0 alpha 11
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
| #
cae118f9 |
| 07-Jan-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 10
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
| #
ea780814 |
| 21-Oct-2020 |
Pauli |
dsa: add additional deprecated functions to CHANGES entry.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://g
dsa: add additional deprecated functions to CHANGES entry.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)
show more ...
|
| #
a08489e2 |
| 11-Dec-2020 |
Dmitry Belyavskiy |
Documenting the options deprecating in CHANGES.md
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13669)
|
| #
1e13198f |
| 08-Dec-2020 |
Matt Caswell |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
af2f14ac |
| 20-Nov-2020 |
Richard Levitte |
ERR: Drop or deprecate dangerous or overly confusing functions
ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error
ERR: Drop or deprecate dangerous or overly confusing functions
ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error_all(),
since they pop the error record, leaving the caller with only partial
error record data and no way to get the rest if the wish.
If it's desirable to retrieve data piecemeal, the caller should
consider using the diverse ERR_peek functions and finish off with
ERR_get_error().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13466)
show more ...
|
| #
59d7ad07 |
| 21-Oct-2020 |
Matt Caswell |
Updates the CHANGES.md entry regarding DH deprecation
Extend the existing CHANGES.md entry with information about the
additional functions that have also been deprecated.
Review
Updates the CHANGES.md entry regarding DH deprecation
Extend the existing CHANGES.md entry with information about the
additional functions that have also been deprecated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
show more ...
|
| #
e3197e5a |
| 26-Nov-2020 |
Matt Caswell |
Prepare for 3.0 alpha 10
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
| #
68ec3d47 |
| 26-Nov-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 9
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
| #
f5a46ed7 |
| 12-Nov-2020 |
Richard Levitte |
Modify the ERR init functions to use the internal ERR string loaders
This deprecates all the ERR_load_ functions, and moves their definition to
separate C source files that can easily be
Modify the ERR init functions to use the internal ERR string loaders
This deprecates all the ERR_load_ functions, and moves their definition to
separate C source files that can easily be removed when those functions are
finally removed.
This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h,
moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h
to include/openssl/cryptoerr_legacy.h, and finally removes the declaration
of ERR_load_DSO_strings(), which was entirely internal anyway.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
| #
1b2a55ff |
| 23-Oct-2020 |
Matt Caswell |
Add a CHANGES.md entry for the "tmp_dh" functions/macros
Describe the tmp_dh deprecations, and what applications should do instead.
Reviewed-by: Richard Levitte <levitte@openssl.org
Add a CHANGES.md entry for the "tmp_dh" functions/macros
Describe the tmp_dh deprecations, and what applications should do instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
| #
a18cf8fc |
| 12-Nov-2020 |
Rich Salz |
Remove -C option from x509 command
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pu
Remove -C option from x509 command
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)
show more ...
|
| #
1696b890 |
| 11-Nov-2020 |
Rich Salz |
Remove -C from dhparam,dsaparam,ecparam
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/opens
Remove -C from dhparam,dsaparam,ecparam
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)
show more ...
|
| #
c87a7f31 |
| 04-Nov-2020 |
Pauli |
apps/passwd: remove the -crypt option.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl
apps/passwd: remove the -crypt option.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13313)
show more ...
|
| #
0e071fbc |
| 04-Nov-2020 |
David von Oheimb |
CHANGES.md: Mention (strict) checks recently added to X509_verify_cert()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)
|
| #
ecabd006 |
| 05-Nov-2020 |
Matt Caswell |
Prepare for 3.0 alpha 9
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
| #
20d7295c |
| 05-Nov-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 8
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
| #
9750b4d3 |
| 29-Oct-2020 |
Randall S. Becker |
Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.
These methods should ultimately be deprecated. The move is to insulate
non-UNIX platforms from these undefined
Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.
These methods should ultimately be deprecated. The move is to insulate
non-UNIX platforms from these undefined symbols.
CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.
Fixes #13273
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13276)
show more ...
|
| #
8ea761bf |
| 29-Oct-2020 |
Shane Lontis |
Add AES KW inverse ciphers to the EVP layer
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13272)
|
| #
0a737e16 |
| 09-Oct-2020 |
Matt Caswell |
Deprecate EVP_PKEY_set1_tls_encodedpoint()
Also deprecate EVP_PKEY_get1_tls_encodedpoint().
The preferred alternative is EVP_PKEY_set1_encoded_public_key() and
EVP_PKEY_get1_enc
Deprecate EVP_PKEY_set1_tls_encodedpoint()
Also deprecate EVP_PKEY_get1_tls_encodedpoint().
The preferred alternative is EVP_PKEY_set1_encoded_public_key() and
EVP_PKEY_get1_encoded_public_key().
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)
show more ...
|
| #
372e72b1 |
| 15-Oct-2020 |
Matt Caswell |
Add a CHANGES entry for the SSL_SECOP_TMP_DH change
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.
Add a CHANGES entry for the SSL_SECOP_TMP_DH change
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
show more ...
|
